Pwn@Home An Attack Path to jailbreaking your home router
Pwn@Home An Attack Path to jailbreaking your home router
Pwn@Home An Attack Path to jailbreaking your home router
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Set-<strong>to</strong>p-box Router Firmware<br />
Arbitrary code execution<br />
External library loading (1)<br />
package.loadlib(libname, funcname)<br />
Library loaded by dlopen()<br />
Fonction address resolved by dlsym()<br />
Only one argument of type lua_State *<br />
Load of existing library is useless<br />
Some folders are writeable (/tmp/, /media/hard drive/, etc.)<br />
But mounted with noexec option: syscall mmap() fail (flag<br />
PROT_EXEC)